Article 4GHVC Drink from the Font of Wisdom

Drink from the Font of Wisdom

by
Remy Porter
from The Daily WTF on (#4GHVC)

A long time ago, George G started at Initech's downtown office. They had just rented a few floors in an old office building that had recently transitioned from "urban blight" to "twee coffee shops on the first floor and the scent of shoe polish and fresh leather on every floor."

It was a big space, and George was in the part of his career where he merited a private office with a view of the alley.

The first task was to track down a problem in the Mac version of their software product. It looked perfectly fine on Windows, but on OSX, there were font rendering glitches. It was a difficult bug to track down, but George could have been a detective in another life, and felt he was up for the challenge.

The most important clue was right there in the source control history. Over the past three years, five developers had contributed to the history. Each seemed to stick around for about four months, and then they left. Long months passed with no changes, and then a new developer came on to repeat the cycle. As George investigated, those names kept coming up again and again as he tried to piece together what the product did, how it worked, and why it was broken.

Because it was a cross platform application, they had implemented their own custom font-loader and renderer. At least, that seemed to be the argument. The internal structure of fonts is dangerous, complex stuff, and the code reflected that. It also reflected being tapped at by different developers with no continuity. It was a mess.

There were loads of things George saw in there that were definitely bad- unguarded memcpy calls, mallocs without frees, pointer arithmetic that seemed to operate more on faith than logic. But none of that seemed to be the specific source of the problem.

Frustrated, George decided to tackle the problem from the opposite direction. The screens where the rendering failed all were screens featuring one or two custom fonts. George loaded up the fonts in Adobe and Microsoft's font validation tools, and then watched the pile of errors cascade out.

The code which loaded the fonts was bad, but the fonts themselves were worse. Problem identified, George let his boss know that the fonts needed to be fixed. George's boss let the company president know.

A day later, George's boss came back: "The president wants to have a meeting with you, now."

The president's office was more like a conference room, but without the conference table. Just a long room, desk at one side, floor-to-ceiling windows and a view of the river. The president sat, glowering behind his desk.

"What the hell is wrong with you two! You've been here less than four months, George, and you're wasting my time- you're wasting my money on some pipe-dream idea that the font is bad?"

"It is. I can show you."

"The font works just fine in the Windows version! The problem has to be in the code, goddammit. I know how much you get paid. Should I grab a calculator and figure out how much your wild goose chase has just cost this company?" He slammed a fist onto the desk, which caused the solar powered calculator he kept next to his computer keyboard to bounce a bit.

The rant went on, but George already knew what he was going to do after the meeting. By the end of the day, he turned in his employee badge and his laptop, along with a blunt and honest resignation letter.

George enjoyed a short, unpaid vacation and moved on to other jobs. Over the years, he started to forget his time at Initech. That was until he saw a Microsoft Windows patch come down the pipe- a critical, emergency patch. It turns out, some "third party font-handling code" could cause arbitrary code execution in some Windows libraries. With a little more research, George confirmed: it was Initech's code that was causing the problem, and more than that, the last time Initech had shipped a new binary was back in 2008- one month after he'd left the company.

otter-icon.png [Advertisement] Otter - Provision your servers automatically without ever needing to log-in to a command prompt. Get started today! TheDailyWtf?d=yIl2AUoC8zA4j7_iUuexXE
External Content
Source RSS or Atom Feed
Feed Location http://syndication.thedailywtf.com/TheDailyWtf
Feed Title The Daily WTF
Feed Link http://thedailywtf.com/
Reply 0 comments